I was using Wireshark in order to check the activity of an unknown client in my home network, and to my surprise, I found some strange connections established by my own computer. I disconnected all clients from the network but myself, rebooted my computer, logged in as root, didn't start any programs and ran wireshark again. To my surprise, the connections were still being made:

3 Answers
3

Looking at the packet capture you've got there, it looks like your computer is rejecting the connection attempts (the port unreachable messages), so it's not necessarily that there's something running on your system causing the traffic, more that other computer are trying to reach you.

What's apparent though is that there's no firewall restricting access between you and those hosts. Now you've got a RFC 1918 address (192.168.25.204) so usually traffic shouldn't be able to route to you directly.

Do you have port forwarding or address forwarding setup on your firewall? If so I'd recommend restricting it when you don't need it.

Apart from that have you run bit-torrent on they machine in the past? If so it could just be other systems in one of the torrents you were part of trying to connect to you based on old information...

It seems there is nothing wrong with uTorrent protocol. These are incomming connections, but as you mentioned before you don't have any Torrent client running. Did you have it before? Torrent clients try to open a connection with you if your IP was in their cache, so basically they are knocking at your closed door.

If you are not explicitly redirecting traffic from your perimeter router to 192.168.25.204 port 62456, probably your router is still remembering connections to that IP in its translation table (NAT) because in the recent past you have used a Bittorrent client.

In that case, you may stop that traffic (not the traffic from the remote IP addresses to your router) by resetting the router or cleaning its translation table by entering in the router configuration interface.